[Python-checkins] peps: Make API And Implementation section less wishy-washy.
steven.daprano
python-checkins at python.org
Mon Apr 11 13:27:34 EDT 2016
https://hg.python.org/peps/rev/c14c62e1f6d6
changeset: 6278:c14c62e1f6d6
user: Steven D'Aprano <steve at pearwood.info>
date: Tue Apr 12 03:26:55 2016 +1000
summary:
Make API And Implementation section less wishy-washy.
Per GvR's request, be more specific about what is included.
files:
pep-0506.txt | 42 +++++++++++++++++----------------------
1 files changed, 18 insertions(+), 24 deletions(-)
diff --git a/pep-0506.txt b/pep-0506.txt
--- a/pep-0506.txt
+++ b/pep-0506.txt
@@ -113,13 +113,14 @@
API and Implementation
======================
-The contents of the ``secrets`` module is expected to evolve over time, and
-likely will evolve between the time of writing this PEP and actual release
-in the standard library [#]_. At the time of writing, the following functions
-have been suggested:
+This PEP proposes the following functions for the ``secrets`` module:
-* A high-level function for generating secure tokens suitable for use
- in (e.g.) password recovery, as session keys, etc.
+* Functions for generating tokens suitable for use in (e.g.) password
+ recovery, as session keys, etc., in the following formats:
+
+ - as bytes, ``secrets.token_bytes``;
+ - as text, using hexadecimal digits, ``secrets.token_hex``;
+ - as text, using URL-safe base-64 encoding, ``secrets.token_urlsafe``.
* A limited interface to the system CSPRNG, using either ``os.urandom``
directly or ``random.SystemRandom``. Unlike the ``random`` module, this
@@ -128,13 +129,13 @@
following:
- A function for choosing items from a sequence, ``secrets.choice``.
- - A function for generating an integer within some range, such as
- ``secrets.randrange`` or ``secrets.randint`` [#]_.
- A function for generating a given number of random bits and/or bytes
- as an integer.
- - A similar function which returns the value as a hex digit string.
+ as an integer, ``secrets.randbits``.
+ - A function for returning a random integer in the half-open range
+ 0 to the given upper limit, ``secrets.randbelow`` [#]_.
-* ``hmac.compare_digest`` under the name ``equal``.
+* A function for comparing text or bytes digests for equality while being
+ resistent to timing attacks, ``secrets.compare_digest``.
The consensus appears to be that there is no need to add a new CSPRNG to
the ``random`` module to support these uses, ``SystemRandom`` will be
@@ -143,16 +144,14 @@
Some illustrative implementations have been given by Nick Coghlan [#]_
and a minimalist API by Tim Peters [#]_. This idea has also been discussed
on the issue tracker for the "cryptography" module [#]_. The following
-pseudo-code can be taken as a possible starting point for the real
+pseudo-code should be taken as the starting point for the real
implementation::
from random import SystemRandom
- from hmac import compare_digest as equal
+ from hmac import compare_digest
_sysrand = SystemRandom()
- randrange = _sysrand.randrange
- randint = _sysrand.randint
randbits = _sysrand.getrandbits
choice = _sysrand.choice
@@ -169,7 +168,7 @@
def token_hex(nbytes=None):
return binascii.hexlify(token_bytes(nbytes)).decode('ascii')
- def token_url(nbytes=None):
+ def token_urlsafe(nbytes=None):
tok = token_bytes(nbytes)
return base64.urlsafe_b64encode(tok).rstrip(b'=').decode('ascii')
@@ -372,14 +371,9 @@
.. [#] At least those who are motivated to read the source code and documentation.
-.. [#] Tim Peters suggests that bike-shedding the contents of the module will
- be 10000 times more time consuming than actually implementing the
- module. Words do not begin to express how much I am looking forward to
- this.
-
-.. [#] After considerable discussion, Guido ruled that the module will instead
- provide a function, ``randbelow``. See
- http://code.activestate.com/lists/python-dev/138375/
+.. [#] After considerable discussion, Guido ruled that the module need only
+ provide ``randbelow``, and not similar functions ``randrange`` or
+ ``randint``. http://code.activestate.com/lists/python-dev/138375/
.. [#] https://mail.python.org/pipermail/python-ideas/2015-September/036271.html
--
Repository URL: https://hg.python.org/peps
More information about the Python-checkins
mailing list